WireMCP

WireMCP is a Model Context Protocol server that enhances LLM capabilities by analyzing network traffic in real time. It offers tools for threat analysis, diagnostics, and security through integration with Wireshark utilities.

WireMCP is an MCP server for real-time network traffic analysis, designed for use with Large Language Models (LLMs). It uses Wireshark's tools to capture and process live network data, aiding tasks such as threat hunting and diagnostics.

Features

  • capture_packets: Captures live traffic, providing raw packet data in JSON.
  • get_summary_stats: Delivers protocol hierarchy statistics.
  • get_conversations: Provides TCP/UDP conversation statistics.
  • check_threats: Checks IPs against the URLhaus blacklist.
  • check_ip_threats: Looks up specific IPs across multiple threat feeds.
  • analyze_pcap: Analyzes PCAP files, offering detailed data.
  • extract_credentials: Scans a PCAP file for potential credentials.

Installation

  • Requires Wireshark, Node.js, and npm.
  • Clone the repository and install dependencies.

Usage

Works with any MCP-compliant client. Example configurations for clients like Cursor are provided.